Manuel Pégourié-Gonnard
### Suggested enhancement [RFC 9325](https://datatracker.ietf.org/doc/html/rfc9325) is the latest Best Current Practices document regarding TLS and DTLS. It makes recommendations about which mechanisms should be preferred and which should be avoided...
## Description Fix #9232 - partially, the low-hanging fruits (also those that don't make the code size go up by too much). Status: work in progress. TODO: - [ ]...
Since we're removing support for SSL 3.0 and newer versions are called TLS, it would probably be less confusing for users if our SSL module was called TLS and all...
There's a mismatch between what TLS 1.2 expects and what PSA Crypto provides regarding FFDH. See [the documentation on PSA limitations](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/architecture/psa-migration/psa-limitations.md#arbitrary-parameters-for-ffdh) for details. (Note: this is only a problem for...
Currently, our X.509 chain verification functions can accept a callback that can for example perform additional checks, or clear flags found by our checks. However, this callback is currently called...
From a security perspective (and even from a compliance perspective when it comes to 1.3) we should not make it easy for clients to skip server authentication. Also from a...
This issue is meant as a place to discuss what we want to do with PK in 4.0. There are two main options: 1. Keep it as part of the...
This issue is meant as a place to discuss what we want to do with MD in 4.0. There are two main options: 1. Keep it as part of the...
This issue is meant as a place to discuss what we want to do with Cipher in 4.0. There are two main options: 1. Keep it as part of the...
First of all, I love the idea behind ctgrind, and having a way to actually test whether some piece of code has branches or memory accesses that depend on secret...